Description:
------------
Whenever min is set to 0 and max is set to anything greater than
getrandmax (or the mt_ version) the returned PRN is always (despite
the upper limit check in the example code) a number less than 0.

Reproduce code:
---------------
<?php
define("UL", mt_getrandmax()+1000);
$r=mt_rand(0, UL);
if ($r < 0 || $r > UL)
    echo "Random value out of range\n";

Expected result:
----------------
No output

Actual result:
--------------
Random value out of range

[2009-03-09 14:06 UTC] mmcnickle at gmail dot com

The problem is that there is an integer overflow on UL:
------------
<?php
define('UL',mt_getrandmax() + 1000);
var_dump(UL, (int)UL);
------------
will produce
------------
float(2147484647)
int(-2147482649)
------------
The $min and $max parameter names on mt_rand() (and rand()) are misleading, as $min can be larger than $max and mt_rand will produce a correct value between $min and $max.
In the bug example, the expected result is returned: a random value between -2147482649 and 0.
If you want to change the integer overflow behaviour, it would be best to do a check using mt_getrandmax() in the PHP code:
------------
<?php
$max = mt_getrandmax() + 1000;
if ($max > mt_getrandmax()) {
    $max = mt_getrandmax();
}
$r = mt_rand(0, $max); // $r is now a number between 0 and mt_getrandmax()
------------
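
An added example, not part of the original comment or of PHP's own code: a wrapper that rejects overflowed or reversed bounds instead of clamping them silently. `checked_mt_rand()` is a hypothetical helper name, the limit of `mt_getrandmax()` on the range width is a conservative assumption taken from the comment above, and the test inputs are constructed.

```php
<?php
// Hypothetical helper (added example): fail closed on bad bounds for mt_rand().
function checked_mt_rand($min, $max)
{
    // Integer arithmetic that overflows (mt_getrandmax() + 1000 on a 32-bit
    // build, PHP_INT_MAX + 1 on any build) silently yields a float. Casting
    // that float back to int is what produced the negative bound in the report.
    if (!is_int($min) || !is_int($max)) {
        throw new InvalidArgumentException(
            'bounds must be integers; a float bound usually means overflow'
        );
    }
    // Refuse reversed bounds rather than letting them be reinterpreted.
    if ($min > $max) {
        throw new InvalidArgumentException('min must not exceed max');
    }
    // The width itself can overflow to float, so test its type as well.
    $span = $max - $min;
    if (!is_int($span) || $span > mt_getrandmax()) {
        throw new RangeException('range is wider than mt_getrandmax()');
    }
    return mt_rand($min, $max);
}

// Constructed inputs covering the cases discussed in the report.
$cases = [
    [0, 100],                     // valid range
    [0, mt_getrandmax() + 1000],  // float on 32-bit, too-wide int on 64-bit
    [0, PHP_INT_MAX + 1],         // float on every platform
    [10, 0],                      // reversed bounds
];

foreach ($cases as [$min, $max]) {
    try {
        $r = checked_mt_rand($min, $max);
        printf("%s..%s => %d\n", var_export($min, true), var_export($max, true), $r);
    } catch (Exception $e) {
        printf("%s..%s rejected (%s): %s\n",
            var_export($min, true), var_export($max, true),
            get_class($e), $e->getMessage());
    }
}
```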

This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.